## Summary

- replace broad substring-based masking with a shared exact/path-based secret classifier and workspace-scoped fingerprint hashing
- persist protected snapshot metadata on `policy_versions` and keep secret-only changes visible in compare, drift, restore, review, verification, and ops surfaces
- add Spec 120 artifacts, audit documentation, and focused Pest regression coverage for snapshot, audit, verification, review-pack, and notification behavior

## Validation

- `vendor/bin/sail artisan test --compact tests/Feature/Intune/PolicySnapshotRedactionTest.php tests/Feature/Intune/PolicySnapshotFingerprintIsolationTest.php tests/Feature/ReviewPack/ReviewPackRedactionIntegrityTest.php tests/Feature/OpsUx/OperationRunNotificationRedactionTest.php tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php`
- `vendor/bin/sail bin pint --dirty --format agent`

## Spec / checklist status

| Checklist | Total | Completed | Incomplete | Status |
|-----------|-------|-----------|------------|--------|
| requirements.md | 16 | 16 | 0 | ✓ PASS |

- `tasks.md`: T001-T032 complete
- `tasks.md`: T033 manual quickstart validation is still open and noted for follow-up

## Filament / platform notes

- Livewire v4 compliance is unchanged
- no panel provider changes; `bootstrap/providers.php` remains the registration location
- no new globally searchable resources were introduced, so global search requirements are unchanged
- no new destructive Filament actions were added
- no new Filament assets were added; no `filament:assets` deployment change is required

## Testing coverage touched

- snapshot persistence and fingerprint isolation
- compare/drift protected-change evidence
- audit, verification, review-pack, ops-failure, and notification sanitization
- viewer/read-only Filament presentation updates

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #146
110 lines
11 KiB
Markdown
# Tasks: Secret Redaction Hardening & Snapshot Data Integrity

**Input**: Design documents from `/specs/120-secret-redaction-integrity/`

**Prerequisites**: plan.md (required), spec.md (required for user stories), research.md, data-model.md

**Tests**: For runtime behavior changes in this repo, tests are REQUIRED (Pest).

**RBAC**: The feature keeps existing authorization planes intact. Tenant/admin surfaces remain under `/admin`. Non-members remain 404, members missing capability remain 403.

**Filament UI Action Surfaces**: Existing surfaces are read-only updates only. No new tenant-facing or platform-facing action workflow is introduced in this reduced scope.

**Organization**: Tasks are grouped by user story to enable independent implementation and testing.

## Phase 1: Setup

**Purpose**: Shared test utilities used across snapshot and sanitizer work.

- [X] T001 Create shared protected snapshot assertions in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Support/ProtectedSnapshotAssertions.php

---

## Phase 2: Foundational

**Purpose**: Core persistence and classifier infrastructure that MUST be complete before user-story work.

- [X] T002 Add `policy_versions.secret_fingerprints` and `policy_versions.redaction_version` in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/database/migrations/2026_03_07_000121_add_redaction_contract_to_policy_versions_table.php
- [X] T003 Update casts and factory defaults for the new redaction fields in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Models/PolicyVersion.php and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/database/factories/PolicyVersionFactory.php
- [X] T004 Implement the shared exact/path-based classifier and DTO in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/SecretClassificationService.php and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/ProtectedSnapshotResult.php
- [X] T005 Implement deterministic protected snapshot building with JSON Pointer fingerprint paths in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/PolicySnapshotRedactor.php
- [X] T006 Implement workspace-scoped fingerprint HMAC derivation in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/SecretFingerprintHasher.php
- [X] T007 Add a regression guard for forbidden substring-based storage and audit-path redaction patterns in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Guards/NoBroadSecretRedactionPatternsTest.php
- [X] T008 Add an audit-path guard for forbidden broad redaction fallbacks in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Guards/Spec120NoBroadAuditRedactionFallbacksTest.php
- [X] T009 Add a scope guard proving phase 1 does not require `GraphContractRegistry` secret metadata in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Guards/Spec120NoGraphContractSecretMetadataTest.php

---

## Phase 3: User Story 1 - Preserve trustworthy drift and compare evidence (Priority: P1)

**Goal**: Persist protected snapshots without corrupting safe configuration fields and keep secret-only changes visible to drift/compare workflows.

### Tests for User Story 1

- [X] T010 Add classifier corpus coverage for safe fields, protected fields, and JSON Pointer paths in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Unit/Intune/SecretClassificationServiceTest.php
- [X] T011 Update snapshot persistence and secret-only version-change coverage in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Intune/PolicySnapshotRedactionTest.php
- [X] T012 Add workspace-isolation fingerprint coverage in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Intune/PolicySnapshotFingerprintIsolationTest.php
- [X] T013 Add compare/drift protected-change coverage in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Baselines/BaselineCompareProtectedChangeTest.php

### Implementation for User Story 1

- [X] T014 Refactor snapshot persistence to write `[REDACTED]`, `secret_fingerprints`, and `redaction_version` in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/VersionService.php
- [X] T015 Remove duplicate pre-redaction and align version reuse with the protected snapshot contract in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/PolicyCaptureOrchestrator.php
- [X] T016 Integrate workspace-scoped fingerprint derivation into protected snapshot generation in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/PolicySnapshotRedactor.php and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/VersionService.php
- [X] T017 Update composite version identity hashing for secret-only changes in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Drift/DriftHasher.php and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/VersionService.php
- [X] T018 Surface protected-change evidence in compare and diff generation in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Jobs/CompareBaselineToTenantJob.php and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Drift/DriftFindingDiffBuilder.php
- [X] T019 Preserve restore fidelity while carrying redaction integrity metadata forward in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/RestoreService.php

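The Phase 2 foundation (T004 exact/path-based classifier, T005 deterministic protected snapshot with JSON Pointer paths, T006 workspace-scoped HMAC fingerprints) and the Phase 3 composite version identity (T017) are illustrated together below in one self-contained PHP script. This is an added example, not TenantAtlas code: the class names echo the task list, but the rule tables, method signatures, the HMAC key-derivation scheme, the `versionIdentity()` function, the sample policy and the `app-key-placeholder` value are all assumptions of this example. It shows why a secret-only change stays visible to compare/drift even though the stored `[REDACTED]` snapshot bytes do not change, and why the same secret in two workspaces never yields the same fingerprint.

```php
<?php
declare(strict_types=1);
// Added illustration, not TenantAtlas code. Class names mirror the task list; the rule tables,
// method signatures and HMAC derivation scheme are assumptions of this example.

final class ProtectedSnapshotResult
{
    /** @param array<string,string> $fingerprints JSON Pointer => workspace-scoped HMAC (hex) */
    public function __construct(
        public readonly array $snapshot,      // payload with secret leaves replaced by [REDACTED]
        public readonly array $fingerprints,
        public readonly int $redactionVersion,
    ) {}
}

final class SecretClassificationService
{
    // Exact leaf keys and exact JSON Pointer paths only (hypothetical corpus). No substring
    // matching, so a field such as "passwordMinimumLength" stays a safe configuration value.
    private const SECRET_KEYS = ['password', 'sharedSecret', 'clientSecret'];
    private const SECRET_PATHS = ['/wifi/preSharedKey', '/proxy/credentials/password'];

    public function isSecret(string $pointer, string $key): bool
    {
        return in_array($key, self::SECRET_KEYS, true) || in_array($pointer, self::SECRET_PATHS, true);
    }
}

final class SecretFingerprintHasher
{
    public function __construct(private readonly string $appKey) {}

    public function hash(string $workspaceId, string $pointer, string $canonicalValue): string
    {
        // Derive a per-workspace key first, so equal secrets in two workspaces never share a fingerprint.
        $scopedKey = hash_hmac('sha256', 'workspace:' . $workspaceId, $this->appKey, true);
        return hash_hmac('sha256', $pointer . "\0" . $canonicalValue, $scopedKey);
    }
}

final class PolicySnapshotRedactor
{
    public const REDACTION_VERSION = 1;

    public function __construct(
        private readonly SecretClassificationService $classifier,
        private readonly SecretFingerprintHasher $hasher,
    ) {}

    public function protect(array $payload, string $workspaceId): ProtectedSnapshotResult
    {
        $fingerprints = [];
        $snapshot = $this->walk($payload, '', $workspaceId, $fingerprints);
        ksort($fingerprints); // deterministic ordering for stable hashing and comparison
        return new ProtectedSnapshotResult($snapshot, $fingerprints, self::REDACTION_VERSION);
    }

    private function walk(array $node, string $prefix, string $workspaceId, array &$fingerprints): array
    {
        ksort($node); // canonical key order (numeric list keys keep their order)
        $out = [];
        foreach ($node as $key => $value) {
            // RFC 6901 escaping: "~" becomes "~0", "/" becomes "~1"
            $pointer = $prefix . '/' . str_replace(['~', '/'], ['~0', '~1'], (string) $key);
            if (is_array($value)) {
                $out[$key] = $this->walk($value, $pointer, $workspaceId, $fingerprints);
            } elseif ($this->classifier->isSecret($pointer, (string) $key)) {
                $canonical = json_encode($value, JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR);
                $fingerprints[$pointer] = $this->hasher->hash($workspaceId, $pointer, $canonical);
                $out[$key] = '[REDACTED]';
            } else {
                $out[$key] = $value; // safe field stored verbatim
            }
        }
        return $out;
    }
}

// Composite version identity: the redacted snapshot is byte-identical across a secret-only
// change, so the fingerprints and redaction version are folded into the hash as well.
function versionIdentity(ProtectedSnapshotResult $r): string
{
    $canonical = json_encode([$r->snapshot, $r->fingerprints, $r->redactionVersion], JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR);
    return hash('sha256', $canonical);
}

// Constructed sample policy; the application key is a placeholder.
$redactor = new PolicySnapshotRedactor(new SecretClassificationService(), new SecretFingerprintHasher('app-key-placeholder'));
$policy = ['displayName' => 'Corp WiFi', 'passwordMinimumLength' => 12, 'wifi' => ['ssid' => 'corp', 'preSharedKey' => 'hunter2']];

$v1 = $redactor->protect($policy, 'ws-a');
$policy['wifi']['preSharedKey'] = 'hunter3';   // secret-only change, same workspace
$v2 = $redactor->protect($policy, 'ws-a');
$v3 = $redactor->protect($policy, 'ws-b');     // same secret, different workspace

$checks = [
    'safe field untouched'       => $v1->snapshot['passwordMinimumLength'] === 12,
    'secret replaced'            => $v1->snapshot['wifi']['preSharedKey'] === '[REDACTED]',
    'redacted bytes identical'   => $v1->snapshot === $v2->snapshot,
    'secret-only change visible' => $v1->fingerprints !== $v2->fingerprints,
    'version identity differs'   => versionIdentity($v1) !== versionIdentity($v2),
    'workspace isolation'        => $v2->fingerprints !== $v3->fingerprints,
];
foreach ($checks as $label => $ok) {
    echo str_pad($label, 28), $ok ? 'ok' : 'FAIL', PHP_EOL;
}
```

Two design points matter for the guards in T007/T008: classification decides on the exact key or the exact JSON Pointer, never on a substring, so `passwordMinimumLength` survives intact; and the fingerprint is an HMAC under a key derived from the workspace id, so fingerprints cannot be compared across workspaces and cannot be reversed into the secret without the application key.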
---

## Phase 4: User Story 2 - Protect secrets consistently across operational surfaces (Priority: P2)

**Goal**: Reuse the same classification rules across audit, verification, monitoring, review/export, and viewer surfaces without hiding harmless configuration language.

### Tests for User Story 2

- [X] T020 Expand audit false-positive and audit-log persistence coverage in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Unit/AuditContextSanitizerTest.php and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Audit/WorkspaceAuditLoggerRedactionTest.php
- [X] T021 Expand verification sanitizer and viewer readability coverage in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Unit/VerificationReportSanitizerEvidenceKindsTest.php and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php
- [X] T022 Add review/export artifact redaction-integrity coverage in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/ReviewPack/ReviewPackRedactionIntegrityTest.php
- [X] T023 Expand failure-message and monitoring readability coverage in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Unit/OpsUx/RunFailureSanitizerTest.php, /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/OpsUx/FailureSanitizationTest.php, and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Operations/TenantlessOperationRunViewerTest.php
- [X] T024 Add explainability coverage for protected-value messaging in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Drift/DriftFindingDetailTest.php
- [X] T025 Add notification payload sanitization coverage for redaction-safe terminal messages in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/OpsUx/OperationRunNotificationRedactionTest.php

### Implementation for User Story 2

- [X] T026 Switch audit sanitization to the shared classifier in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Support/Audit/AuditContextSanitizer.php, /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Audit/WorkspaceAuditLogger.php, and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Services/Intune/AuditLogger.php
- [X] T027 Switch verification and ops-failure sanitizers to the shared classifier in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Support/Verification/VerificationReportSanitizer.php and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Support/OpsUx/RunFailureSanitizer.php
- [X] T028 Apply redaction-integrity rules to review/export artifacts and operation notification payloads in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Jobs/GenerateReviewPackJob.php and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Notifications/OperationRunCompleted.php
- [X] T029 Add protected-value messaging to evidence viewers in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Filament/Resources/FindingResource/Pages/ViewFinding.php, /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Filament/Support/VerificationReportViewer.php, and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Filament/Widgets/Tenant/TenantVerificationReport.php
- [X] T030 Update operations detail rendering and terminal notification copy for protected values in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Filament/Pages/Operations/TenantlessOperationRunViewer.php and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/app/Support/OpsUx/OperationUxPresenter.php

---

## Phase 5: Polish & Cross-Cutting Concerns

- [X] T031 Run the focused Spec 120 Pest suites covering /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Intune/PolicySnapshotRedactionTest.php, /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Intune/PolicySnapshotFingerprintIsolationTest.php, /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/ReviewPack/ReviewPackRedactionIntegrityTest.php, /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/OpsUx/OperationRunNotificationRedactionTest.php, and /Users/ahmeddarrazi/Documents/projects/TenantAtlas/tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php
- [X] T032 Run formatting on touched PHP files with `vendor/bin/sail bin pint --dirty --format agent`
- [ ] T033 Validate the manual scenarios documented in /Users/ahmeddarrazi/Documents/projects/TenantAtlas/specs/120-secret-redaction-integrity/quickstart.md

---

## Dependencies & Execution Order

### Phase Dependencies

- **Setup (Phase 1)**: No dependencies.
- **Foundational (Phase 2)**: Depends on Setup completion and blocks all story work.
- **User Story 1 (Phase 3)**: Starts after Foundational completion.
- **User Story 2 (Phase 4)**: Starts after Foundational completion and may be developed in parallel with US1 once the shared classifier, workspace-scoped hasher, and schema are in place.
- **Polish (Phase 5)**: Depends on the desired stories being complete.

### Within Each User Story

- Tests must be written first and fail before implementation.
- Persistence/model updates precede service refactors.
- Service refactors precede viewer/export integration.
- Ops-UX behavior and authorization semantics must be preserved before a story is considered done.

### Parallel Opportunities

- **Foundational**: T006, T007, T008, and T009 can run in parallel after T002 begins; T003 depends on T002.
- **US1**: T010, T011, T012, and T013 can run in parallel.
- **US2**: T020, T021, T022, T023, T024, and T025 can run in parallel.
- **Polish**: T031 and T033 can run in parallel before T032 finalizes formatting.